1. Technical Field
The present invention relates generally to an improved data processing system and in particular to a method and apparatus for processing data. Still more particularly the present invention relates to a method, apparatus, and computer instructions for preventing attacks from a client data processing system.
2. Description of Related Art
The Internet is commonly employed by many users to obtain information and to buy and sell goods and services. Many users and organizations have setup Websites to provide information and to transact business. With this usage, malicious attacks and hacking of Websites has occurred. Attackers often target popular Websites with large amounts of traffic. One type of attack that is used is a denial of service (DoS) attack.
This type of attack is an attack in which a user or organization is deprived of a resource or services that they would normally expect to have on the Internet. Typically, a loss of service is an inability of a particular network service, such as email, to be available or the temporary loss of all network connectivity and services. In some cases, a Website accessed by millions of users may be forced to temporarily cease operation. A denial of service attack also can destroy files in a data processing system. A denial of service attack is considered a type of security breach that does not result in the theft of information or other security loss. These types of attacks, however, may cost the targeted user or organization a great deal of time and money.
A number of different types of denial of service attacks are present. The types of attacks include, for example, buffer overflow attacks, smurf attacks, teardrop attacks, and authentication attacks. These and other types of attacks may cause resources at a Website to be consumed and prevent legitimate users from accessing the Website. Examples of limited resources include bandwidth, database connections, disk storage, processor resources, memory, thread, or application specific resources. All of these resources may be consumed or tied up by attacks that target the resources.
For example, a type of attack that consumes or ties up processor resources is a authentication denial of service attack. In this type of attack, invalid credentials may be presented to the server for a Website or to access services. When credentials are received, processor intensive cryptography processes are needed to determine that the credentials are invalid. As soon as the invalid credentials are detected, the attacker immediately resends the invalid credentials again. This resending of credentials causes the server to repeat the validation process.
Currently, a threshold or tolerance level may be selected for a server to recognize that an authentication denial of service attack is occurring. The threshold may be set for some number of invalid presentations of credentials from a particular client. When such an attack is recognized, the server denies all connection attempts from this malicious client. This client, recognizing that it cannot connect to the server, redirects the attack to another server. The second server goes through the same process as the original server using processor resources to process credentials from the attacking client until a threshold is reached and the second server denies further connections from that client. Although the connections may be denied after the threshold is reached, processor resources are consumed before reaching the threshold. Further, these attacks usually involve large numbers of attacking clients, targeting the server.
Therefore, it would be advantageous to have an improved method, apparatus, and computer instructions for recognizing and preventing authentication denial of service attacks.